MaxigetUpdater.exe

Maxiget Updater

Maxiget Limited

This is part of a bundled installer that presents applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application MaxigetUpdater.exe by Maxiget Limited has been detected as adware by 6 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler named MaxigetUpdaterTaskMachineCore, triggered to execute each time a user logs in. While running, it connects to the Internet address hosted-by.leaseweb.com on port 80 using the HTTP protocol.
Publisher:
Maxiget Ltd. (signed by Maxiget Limited)

Product:
Maxiget Updater

Version:
70.3.29.7018

MD5:
8409ee56b279b55839a924d05b4dbeb5

SHA-1:
4b7ecb38f9f96e3896c592303439c1d612bdfcaa

SHA-256:
39340f6c7b28c23f369ec0130f833e9eed85ffc52b07377095ef9124955df85d

Scanner detections:
6 / 68

Status:
Adware

Explanation:
This is a modified installer version of the software and bundles additional offers including adware.

Analysis date:
11/23/2024 2:54:08 PM UTC

Scan engine                     Detection              Engine version
avast!                          Win32:Kukacka          2014.9-150822
AVG                             Generic                2015.0.3369
Baidu Antivirus                 PUA.Win32.4Shared      4.0.3.14827
Microsoft Security Essentials   Threat.Undefined       1.203.2586.0
Reason Heuristics               PUP.MaxigetLimited.O   14.8.27.21
VIPRE Antivirus                 Threat.4721115         41424

File size:
128.4 KB (131,480 bytes)

Product version:
70.3.29.7018

Copyright:
Copyright 2007-2010 Google Inc.

Original file name:
MaxigetUpdater.exe

File type:
Executable application (Win32 EXE)

Language:
Spanish

Common path:
C:\Program Files\maxiget\updater\maxigetupdater.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
6/3/2014 3:41:06 AM

Valid to:
8/15/2016 1:41:32 AM

Subject:
CN=Maxiget Limited, O=Maxiget Limited, L=Limassol, S=Cyprus, C=CY

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
043F9C868704FA

File PE Metadata
Compilation timestamp:
8/27/2014 2:42:07 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:URDJMLPH4+5dI+FIY96K3tTNIK5Ua5DNNSlHp3qKL6npe/+YYQAUzTStVGZcGNOp:6D2LXI+jn

Entry address:
0x3D1E

Entry point:
E8, 70, 21, 00, 00, E9, 79, FE, FF, FF, 6A, 0C, 68, 58, 0E, 41, 00, E8, 08, 01, 00, 00, 8B, 75, 08, 85, F6, 74, 75, 83, 3D, 80, EB, 40, 00, 03, 75, 43, 6A, 04, E8, 5A, 23, 00, 00, 59, 83, 65, FC, 00, 56, E8, 82, 23, 00, 00, 59, 89, 45, E4, 85, C0, 74, 09, 56, 50, E8, A3, 23, 00, 00, 59, 59, C7, 45, FC, FE, FF, FF, FF, E8, 0B, 00, 00, 00, 83, 7D, E4, 00, 75, 37, FF, 75, 08, EB, 0A, 6A, 04, E8, 46, 22, 00, 00, 59, C3, 56, 6A, 00, FF, 35, EC, D5, 40, 00, FF, 15, 8C, F0, 40, 00, 85, C0, 75, 16, E8, 78, 07, 00...

Entropy:
5.6135

Code size:
40.5 KB (41,472 bytes)

Scheduled Task
Task name:
MaxigetUpdaterTaskMachineCore

Trigger:
Logon (Runs on logon)

Action:
maxigetupdater.exe \c

Description:
Keeps your Maxiget software up to date. If this task is disabled or stopped, your Maxiget software will not be kept up to date, which

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to hosted-by.leaseweb.com (95.211.186.171:80)

Remove MaxigetUpdater.exe - Powered by Reason Core Security